Provided is a technology that creates the autorun file used in autorun in order to prevent the autorun of USB-based portable storage, so that neither an arbitrary user nor a worm virus can manipulate the autorun file. A method for preventing autorun of portable storage accesses at least one of a master file table entry of a root directory and a master file table entry of an autorun file, and sets non-autorun in the at least one accessed master file table entry.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for preventing autorun of portable storage, the method comprising: accessing a master file table entry of a root directory of the portable storage; analyzing the accessed master file table entry of the root directory to find an index entry of the autorun file of the portable storage; and setting an attribute flag of $FILE_NAME attribute of an index entry of the autorun file to a first specific value which is assigned to prevent autorun of the portable storage, thereby preventing the portable storage from being infected with malicious codes, wherein the portable storage includes an NTFS (New Technology File System).
To prevent automatic execution (autorun) of programs from a USB drive on an NTFS file system, the method involves accessing the root directory's Master File Table (MFT) entry to locate the index entry for the autorun file. The `$FILE_NAME` attribute of the autorun file's index entry then has its attribute flag set to a specific value. This specific value is designated to disable autorun, preventing malicious code from automatically running when the USB drive is connected.
2. The method of claim 1, wherein as the attribute flag is set to the first specific value, an attribute of the autorun file is changed to a hidden attribute or a system attribute.
Building on the method to prevent autorun by modifying the autorun file's attribute flag, as described previously, setting the attribute flag to the specified value also changes the autorun file's attributes. Specifically, this modification sets the autorun file to either a hidden attribute (making it invisible to normal users) or a system attribute (marking it as a critical system file).
3. The method of claim 1, further comprising setting a state flag of a header in the accessed master file table entry of the autorun file to a second specific value or setting an attribute flag in the accessed master file table entry of the autorun file to a third specific value.
In addition to setting the attribute flag of the `$FILE_NAME` attribute in the autorun file's index entry to prevent autorun, this method further enhances security by modifying the autorun file's MFT entry directly. This involves either setting a state flag within the header of the MFT entry to a specific value, or setting another attribute flag within the MFT entry itself to a different specific value. These values indicate the autorun file should not be executed.
4. The method of claim 3, wherein as the attribute flag or the state flag is set to the second or third specific value, the autorun file is recognized as a deleted or corrupted file, or an attribute of the autorun file is changed to a hidden attribute or a system attribute.
Expanding on the methods involving setting specific flags in the autorun file's MFT entry, including either the header's state flag or another attribute flag, setting either flag results in the autorun file being treated as either deleted or corrupted by the operating system. Alternatively, setting either flag can result in the autorun file's attributes being changed to hidden or system attributes, effectively preventing execution by normal users.
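The claims do not state the "specific values". As an added illustration (not code from the patent), the sketch below reads the two fields claims 1 to 4 refer to, using the standard NTFS on-disk layout: the file-attribute flags inside the `$FILE_NAME` key of a directory index entry, and the state flags in a FILE record header. Mapping the hidden/system bits and a cleared in-use bit to the states in claims 2 and 4 is an assumption, and the `build_sample_*` helpers produce constructed test data.

```python
import struct

# NTFS file-attribute bits as stored in the $FILE_NAME flags field.
FILE_ATTR = {0x0001: "READ_ONLY", 0x0002: "HIDDEN", 0x0004: "SYSTEM"}
# MFT record header state flags (2 bytes at offset 0x16).
MFT_IN_USE, MFT_DIRECTORY = 0x0001, 0x0002

def parse_index_entry(entry: bytes) -> dict:
    """Decode one directory index entry whose key is a $FILE_NAME attribute."""
    mft_ref, entry_len, key_len = struct.unpack_from("<QHH", entry, 0)
    key = entry[0x10:0x10 + key_len]                # embedded $FILE_NAME
    (flags,) = struct.unpack_from("<I", key, 0x38)  # file attribute flags
    name_len = key[0x40]                            # length in UTF-16 units
    name = key[0x42:0x42 + 2 * name_len].decode("utf-16-le")
    return {"record": mft_ref & 0xFFFFFFFFFFFF,     # low 48 bits = record number
            "name": name,
            "attrs": [n for bit, n in FILE_ATTR.items() if flags & bit]}

def parse_mft_header(record: bytes) -> dict:
    """Decode the state flags of a FILE record header."""
    if record[:4] != b"FILE":
        return {"valid": False, "in_use": False, "directory": False}
    (flags,) = struct.unpack_from("<H", record, 0x16)
    # Assumption: a cleared in-use bit is the "deleted" state of claim 4.
    return {"valid": True, "in_use": bool(flags & MFT_IN_USE),
            "directory": bool(flags & MFT_DIRECTORY)}

def build_sample_entry(name: str, flags: int, record_no: int) -> bytes:
    """Constructed test data: a minimal index entry for `name`."""
    key = struct.pack("<Q", 5)                      # parent = root directory (record 5)
    key += bytes(32) + bytes(16)                    # timestamps and sizes, zeroed
    key += struct.pack("<II", flags, 0)             # attribute flags, reparse field
    key += bytes([len(name), 3]) + name.encode("utf-16-le")
    body = struct.pack("<QHHI", record_no | (1 << 48), 0, len(key), 0) + key
    body += bytes(-len(body) % 8)                   # entries are 8-byte aligned
    return body[:8] + struct.pack("<H", len(body)) + body[10:]

def build_sample_header(flags: int) -> bytes:
    """Constructed test data: a 48-byte FILE record header with given state flags."""
    hdr = bytearray(48)
    hdr[:4] = b"FILE"
    struct.pack_into("<H", hdr, 0x16, flags)
    return bytes(hdr)
```
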
5. The method of claim 1, further comprising creating an autorun file for setting of non-autorun in the portable storage if there is no autorun file as a result of analyzing.
Building upon the method of modifying the autorun file attributes to prevent autorun, this method addresses the scenario where no autorun file exists on the USB drive. If the analysis of the root directory's MFT entry reveals the absence of an autorun file, the method creates a new autorun file specifically configured to prevent autorun functionality. This newly created file ensures that even if a malicious autorun file is later added, it will not be executed.
6. The method of claim 5, wherein the creating of the autorun file comprises setting access control for preventing access to the autorun file by using a security descriptor.
When creating a new autorun file to prevent automatic execution (as described in the previous method), the creation process includes setting access control restrictions on the new autorun file. These restrictions are implemented using a security descriptor, which defines who (users, processes) has permission to access or modify the file. By denying access, the method prevents unauthorized modification or replacement of the protective autorun file, even by malicious software.
7. The method of claim 5, wherein the creating of the autorun file comprises distributing attributes of the created autorun file to at least two master file table entries to store the distributed attributes in the master file table entries.
Expanding on the method of creating an autorun file to disable autorun, this method enhances security by distributing the attributes of the created autorun file across multiple Master File Table (MFT) entries. Instead of storing all attributes in a single MFT entry, the attributes are divided and stored in at least two separate MFT entries. This distribution makes it more difficult for malicious software to locate and modify the complete set of file attributes.
8. The method of claim 7, wherein the distributing comprises: storing $ATTRIBUTE_LIST attribute in a base master file table entry; and storing attributes other than the $ATTRIBUTE_LIST attribute in a non-base master file table entry.
When distributing attributes of the created autorun file across multiple MFT entries (as in the previous method), a specific distribution scheme is used. The `$ATTRIBUTE_LIST` attribute, which links to other attributes, is stored in the base MFT entry. All other attributes, excluding the `$ATTRIBUTE_LIST` itself, are stored in a non-base MFT entry. This separates the core linkage information from the actual attribute data, potentially thwarting attempts to manipulate the file.
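To check whether a file's attributes are laid out as claims 7 and 8 describe, an examiner can walk the `$ATTRIBUTE_LIST` content and see which MFT record holds each attribute. The following is an added example (not code from the patent) based on the standard NTFS attribute-list entry layout; the record numbers 64 and 65 and the `build_entry` helper are constructed for illustration.

```python
import struct

ATTR_TYPES = {0x10: "$STANDARD_INFORMATION", 0x30: "$FILE_NAME",
              0x50: "$SECURITY_DESCRIPTOR", 0x80: "$DATA"}
REF_MASK = 0xFFFFFFFFFFFF   # low 48 bits of a file reference = MFT record number
ENTRY_MIN = 0x1A            # fixed part of an attribute-list entry

def parse_attribute_list(blob: bytes) -> list:
    """Decode $ATTRIBUTE_LIST content into (attribute name, holding record) pairs."""
    out, off = [], 0
    while off + ENTRY_MIN <= len(blob):
        atype, rec_len = struct.unpack_from("<IH", blob, off)
        if rec_len < ENTRY_MIN or off + rec_len > len(blob):
            break                                   # malformed or truncated entry
        (holder,) = struct.unpack_from("<Q", blob, off + 0x10)
        out.append((ATTR_TYPES.get(atype, hex(atype)), holder & REF_MASK))
        off += rec_len
    return out

def attributes_outside_base(blob: bytes, base_record: int) -> list:
    """Names of attributes stored in a record other than the base record."""
    return [n for n, rec in parse_attribute_list(blob) if rec != base_record]

def matches_claimed_layout(blob: bytes, base_record: int) -> bool:
    """True when every listed attribute lives in a non-base record (claim 8)."""
    entries = parse_attribute_list(blob)
    return bool(entries) and all(rec != base_record for _, rec in entries)

def build_entry(atype: int, holder_record: int) -> bytes:
    """Constructed test data: one unnamed attribute-list entry (0x20 bytes)."""
    e = struct.pack("<IHBBQQH", atype, 0x20, 0, ENTRY_MIN, 0,
                    holder_record | (1 << 48), 0)
    return e + bytes(0x20 - len(e))

# Constructed samples: base record 64, extension record 65.
DISTRIBUTED = b"".join(build_entry(t, 65) for t in (0x10, 0x30, 0x50, 0x80))
MIXED = build_entry(0x10, 64) + build_entry(0x30, 64) + build_entry(0x80, 65)
```
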
9. A method for preventing autorun of portable storage, the method comprising: accessing a master file table entry of a root directory of the portable storage; analyzing the accessed master file table entry of the root directory to find an index entry of the autorun file of the portable storage; creating a backup file of the autorun file; creating a new autorun file for setting of non-autorun in the portable storage; and setting an attribute flag of $FILE_NAME attribute of an index entry of the new autorun file to a first specific value which is assigned to prevent autorun of the portable storage, thereby preventing the portable storage from being infected with malicious codes, wherein the portable storage includes an NTFS (New Technology File System).
An alternative method to prevent autorun on a USB drive involves first accessing the root directory's MFT entry to locate the index entry of any existing autorun file. This method then creates a backup copy of the original autorun file. Following the backup, a new autorun file is created, configured to prevent autorun. The `$FILE_NAME` attribute of this new autorun file's index entry has its attribute flag set to a specific value that disables autorun, preventing malicious code execution.
10. The method of claim 9, wherein the creating of the new autorun file comprises setting access control for preventing access to the new autorun file by using a security descriptor.
In the method that involves creating a new autorun file to disable autorun after backing up the original, the creation of the new autorun file includes setting access control restrictions. A security descriptor is used to define who can access or modify this new autorun file. By restricting access, it ensures that only authorized system processes can alter the file, preventing malicious software from replacing it or changing its configuration to re-enable autorun.
11. An apparatus for preventing autorun of portable storage, the apparatus including a storage and a processor and comprising: an access module accessing a portable storage; and a non-autorun module analyzing a master file table entry of a root directory to find an index entry of an autorun file of the portable storage, and setting an attribute flag of $FILE_NAME attribute of an index entry of the autorun file to a first specific value which is assigned to prevent autorun of the portable storage, thereby preventing the portable storage from being infected with malicious codes, wherein the portable storage includes an NTFS (New Technology File System).
An apparatus designed to prevent autorun on portable storage devices includes a storage component and a processor. The device features an access module that interacts with the portable storage. It also has a non-autorun module that analyzes the Master File Table (MFT) entry of the root directory to find the index entry of the autorun file. The non-autorun module then sets the attribute flag of the `$FILE_NAME` attribute of the autorun file's index entry to a specific value, disabling autorun and preventing malware infections.
12. The apparatus of claim 11, wherein the non-autorun module sets a state flag of a header in the master file table entry of the autorun file to a second specific value or setting an attribute flag in the master file table entry of the autorun file to a third specific value.
Within the autorun prevention apparatus, as previously described, the non-autorun module has the ability to modify the autorun file's Master File Table (MFT) entry directly. It can either set a state flag in the header of the MFT entry to a particular value, or it can set another attribute flag within the MFT entry to a different specific value. Both flag modifications serve the purpose of preventing the autorun file from being executed automatically.
13. The apparatus of claim 11, wherein the non-autorun module creates an autorun file for setting of non-autorun in the portable storage if there is no autorun file as a result of analyzing.
The autorun prevention apparatus also includes functionality to create an autorun file if one does not already exist. If the non-autorun module's analysis of the storage device reveals the absence of an autorun file, the module will create a new autorun file specifically configured to disable autorun. This ensures that even if a malicious autorun file is later introduced, the system will remain protected.
14. The apparatus of claim 13, wherein the non-autorun module sets an access control for preventing access to the autorun file using a security descriptor.
Expanding on the capabilities of the autorun prevention apparatus, the non-autorun module, when creating a new autorun file, sets access control restrictions. It uses a security descriptor to define the permissions for accessing and modifying the new autorun file. This access control prevents unauthorized changes to the file, ensuring that its autorun-disabling configuration remains intact and cannot be overridden by malicious software.
15. The apparatus of claim 13, wherein the non-autorun module distributes attributes of the created autorun file to at least two master file table entries to store the distributed attributes in the master file table entries.
In the autorun prevention apparatus, the non-autorun module can enhance the security of the created autorun file by distributing its attributes across multiple Master File Table (MFT) entries. Instead of storing all attributes in a single entry, the module splits them and stores them in at least two MFT entries. This distribution strategy makes it more difficult for malicious software to identify and manipulate the complete set of attributes, increasing the file's resilience to tampering.
16. The apparatus of claim 15, wherein the non-autorun module stores $ATTRIBUTE_LIST attribute in a base master file table entry; and stores attributes other than the $ATTRIBUTE_LIST attribute in a non-base master file table entry.
Within the autorun prevention apparatus, the non-autorun module distributes the attributes of the created autorun file across multiple MFT entries using a specific distribution method. The `$ATTRIBUTE_LIST` attribute, which points to other attributes, is stored in the base MFT entry. All other attributes, *except* the `$ATTRIBUTE_LIST` attribute itself, are stored in a non-base MFT entry. This separation makes it harder for malicious code to modify the file's core attributes.
August 3, 2010
April 4, 2017